RFC: ethtool support for n-tuple filter programming

[Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>]

All,

I'm looking to add support to ethtool that would allow programming of
full n-tuple filters into underlying devices.  Currently, ixgbe has
support for these types of perfect match or mostly match (masked)
filters.  I imagine other hardware exists that also has support for
this, so I'd like to make this interface usable for everyone.

Note that this is similar behavior in the iproute2 tools, but it's
different enough, in my opinion, to warrant being in ethtool.  The
iproute2 tools (specifically tc) manipulate the qdiscs to add filters in
the kernel packet schedulers.  This proposed solution is managing the
hardware in the underlying device, which iproute2 tools currently don't
touch.  Hopefully this is obvious for those reviewing this proposal.

What I currently have as possible inputs to ethtool are:

- src/dst IP address: 32-bits each, 128-bits each for IPv6
- src/dst port: 16-bits each (TCP/UDP)
- VLAN tag: 15-bits
- L4 type: 8-bits (TCP/UDP/SCTP currently, can grow later)
- User specified field: currently 32-bits, can be anything a driver
wants to use
- Action: signed 16-bits (-1 indicates drop, any other value is the Rx
queue to steer the flow to)

Now all of these fields, except action, can also have a mask supplied to
them, but it's not mandatory.

An example ethtool command with this support could be:

# ethtool -F ethX dst-ip 0x0101a8c0 src-ip 0x0001a8c0 0x00ffffff
dst-port 0x1600 src-port 0x0000 0x0000 usr 0x8906 act 5

This will program a filter that will filter traffic coming from
192.168.1.0/24 to 192.168.1.1, port 22, from any source port, and will
place all those matches packets into Rx queue 5.  It also specified a
user-defined field of 0x8906, which a driver can use at its own
discretion (or omit completely).

Then running the ethtool -f ethX command could dump all currently
programmed filters.

Any comments, thoughts, suggestions, or ideas are welcome.

Cheers,
-PJ Waskiewicz